[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Moving away from (unsupportable) FusionForge on Alioth?

On Sun, 14 May 2017, Boyuan Yang wrote:


> I am worried about the status of FusionForge (and thus the development workflow 
> around Alioth) for Debian.
> Recently I had a discussion on #alioth @OFTC asking for the possibility or 
> plan of upgrading alioth.debian.org from Wheezy to newer Jessie or Stretch. We 
> know Wheezy *is* EOL now with extended LTS support till 2018/05. One of the 
> admins ("formorer") said things won't change till Wheezy LTS EOL since 
> upgrading will surely break fusionforge and **no one** can fix fusionforge 
> after that. The last person who touched FusionForge is Roland Mas (in CC 
> list). In my understanding that means fusionforge is already in an 
> unmaintained state even for now.
> Wheezy LTS EOL will arrive within one year. After that the unavailability of 
> Alioth will surely break everything around Alioth: the Alioth account system, 
> Git/SVN/CVS repository and web interfaces, alioth maillist and so on. Debian's 
> development workflow will just break down. And I believe people will not accept 
> a platform with security holes as one of Debian's basic infrastructures.
> As a result, I'm writing to suggest we find an answer to such a problem soon. 
> Migration to Jessie or Stretch with new FusionForge version might be possible. 
> Or we should just drop outdated FusionForge and move to some modern platforms 
> like GitLab (with an alternated workflow possibly).
> There are much room for discussion but we should start evaluation without 
> delay, since migration would take much time and the time left is pretty 
> limited.
Here are my two cents and current plans:

I don't think alioth as it is has a future. It is too overloaded, a bad
software base and not well maintained (I am sorry for that). 

I think that we should move the relevant services into new hosts/services. In
the first step that would be:

Must have:

- Account management - I am thinking about using freeipa for that
- Git Hosting - we want to give pagure [1] a try, which uses gitolite, which is a
  nice git solution. Regarding Hooks, no, we don't want anyone to use
  arbitrary hooks. This is just opening a (security) can of worms. But we
  want to provide hooks as a service. Pagure also has issue tracking. 

Nice to have:

- SVN / CVS Hosting (SVN as there a still a lot of users and CVS for webml)
- Mailinglists

Things I/we don't want in the future:

- Shell Hosting
- More or less obsolete Version Controlsystems, like Darcs, Bazar and so on.

We should strip down the future set to a working and maintainable minimum. 

Just my 2 cent

Alex - Alioth Admin

[1] https://www.freeipa.org/page/Main_Page
[2] http://pagure.io

Attachment: signature.asc
Description: PGP signature

Reply to: